How to use the command 'nettop' (with examples)
- Osx
- December 25, 2023
The ‘nettop’ command is a powerful tool that allows users to monitor network traffic, display network statistics, and track network connections. It provides real-time information about TCP and UDP sockets, processes, and network traffic. This article illustrates several use cases of the ‘nettop’ command and explains the purpose of each argument used in these examples.
Use case 1: Monitor TCP and UDP sockets from all interfaces
Code:
nettop
Motivation:
By running the ‘nettop’ command without any arguments, users can monitor TCP and UDP sockets from all network interfaces on their system. This provides a comprehensive overview of the network activity, including the source and destination addresses, ports, and the amount of data transferred.
Explanation:
- No arguments are provided, so ‘nettop’ will display all network sockets for all protocols.
- ‘nettop’ will continuously update the information on the screen until the user interrupts the command.
Example output:
Interface State Bytes In(Bytes/s) Bytes Out(Bytes/s)
lo0 UP 0(0) 0(0)
ipsec0 DOWN 0(0) 0(0)
...
Use case 2: Monitor TCP sockets from Loopback interfaces
Code:
nettop -m tcp -t loopback
Motivation:
This use case is useful when monitoring network activity specifically related to TCP sockets from the Loopback interface. The Loopback interface is commonly used for internal communication between processes on the local machine, so monitoring TCP traffic on this interface can provide insights into local process communication.
Explanation:
- ‘-m tcp’ argument filters and displays only TCP sockets.
- ‘-t loopback’ argument filters and displays only sockets from the Loopback interface.
Example output:
Indx PCID LACID RACID PC/IP LPORT RPORT U Bytes In/Out Proto State Rem(IP/Port)
...
8060 0 0 0 ::1 52396 5910 6 339718214 61344 TCP ESTABL 104.18.238.150/80
7882 0 0 0 ::1 8080 6038 6 754800 8604 TCP TIME_W 172.217.171.240/80
...
Use case 3: Monitor a specific process
Code:
nettop -p "process_id|process_name"
Motivation:
Monitoring a specific process can be helpful when troubleshooting network issues related to a particular program or service. By using the ‘-p’ argument, users can filter the network activity to show only the sockets associated with a specific process.
Explanation:
- ‘-p’ argument filters the output based on the given process ID or process name. It uses a regular expression pattern to match the desired process.
- Users can provide either the process ID or the process name enclosed in quotes.
Example output:
Indx PCID LACID RACID PC/IP LPORT RPORT U Bytes In/Out Proto State Rem(IP/Port)
...
8060 0 0 0 ::1 52396 5910 6 339734070 61344 TCP ESTABL 104.18.238.150/80
7882 0 0 0 ::1 8080 6038 6 755332 8604 TCP TIME_W 172.217.171.240/80
...
Use case 4: Display a per-process summary
Code:
nettop -P
Motivation:
When monitoring network activity, it is often helpful to have an overview of the network usage by individual processes. This use case provides a per-process summary, highlighting the amount of data transmitted and received by each process.
Explanation:
- ‘-P’ argument displays a per-process summary, showing the total number of bytes in and out for each process.
- Users can see which processes are utilizing the network the most.
Example output:
PID Command Rx(Bytes) Tx(Bytes) Total(Bytes) Lifetime
7586 Google Chrome Helper (Renderer) 600866 84967 6858333275 26m 09s
7589 Google Chrome Helper (Renderer) 289714 60162 37661870604 26m 09s
7601 Google Chrome Helper (Renderer) 212077 60162 6028533190 26m 09s
...
Use case 5: Print 10 samples of network information
Code:
nettop -l 10
Motivation:
By default, ‘nettop’ continuously updates the information on the screen in real-time. However, sometimes users may want to capture a snapshot of the network activity at a particular moment. This use case allows users to collect a limited number of samples instead of displaying an ongoing stream of data.
Explanation:
- ‘-l’ argument specifies the number of samples to print.
- In this example, ‘nettop’ will print ten samples of network information and then exit.
Example output:
Interface State Bytes In(Bytes/s) Bytes Out(Bytes/s)
lo0 UP 0(0) 0(0)
ipsec0 DOWN 0(0) 0(0)
...
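For triage it helps to turn one sample of the per-process view (use cases 4 and 5) into a ranked list of senders. The script below is an added example, not part of the original article: it assumes the CSV logging output of ‘nettop -P -L 1’ (the ‘-L’ flag and the bytes_in/bytes_out column names are assumptions not shown on this page), and the function names top_senders and sample_csv and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank processes by bytes sent from one nettop CSV sample.
# Assumption: input looks like `nettop -P -L 1` output, i.e. a header row that
# names bytes_in/bytes_out and leaves the "name.pid" column unnamed.

# top_senders MIN_BYTES_OUT [ALLOW_REGEX]
# Prints "bytes_out bytes_in pid name", largest sender first, skipping
# process names that match ALLOW_REGEX (expected heavy senders).
top_senders() {
    awk -F, -v min="$1" -v allow="$2" '
        !hdr {                                # still looking for the header row
            ci = co = cn = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "bytes_in")  ci = i
                if ($i == "bytes_out") co = i
                if ($i == "" && i < NF && !cn) cn = i   # unnamed name.pid column
            }
            hdr = (ci && co && cn)
            next
        }
        $co !~ /^[0-9]+$/ { next }            # repeated header or malformed row
        {
            name = $cn; pid = $cn
            sub(/\.[0-9]+$/, "", name)        # "backupd.9001" -> "backupd"
            sub(/^.*\./, "", pid)             # "backupd.9001" -> "9001"
            if (allow != "" && name ~ allow) next
            if ($co + 0 >= min + 0)
                printf "%s %s %s %s\n", $co, $ci, pid, name
        }
    ' | sort -k1,1nr
}

# Constructed sample rows, not captured from a real host.
sample_csv() {
    cat <<'EOF'
time,,bytes_in,bytes_out,
12:00:01.000000,kernel_task.0,0,0,
12:00:01.000000,mDNSResponder.312,48211,39120,
12:00:01.000000,Google Chrome H.7586,600866,84967,
12:00:01.000000,com.apple.WebKi.512,1200,5400000,
12:00:01.000000,backupd.9001,900,73400320,
EOF
}

# On macOS (assumed invocation): nettop -P -L 1 | top_senders 1000000
sample_csv | top_senders 1000000
```

The counters are cumulative for each process, so a process that sends far more than it receives stands out even in a single sample; the optional second argument suppresses names that are expected to upload heavily.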
Use case 6: Monitor changes every 5 seconds
Code:
nettop -d -s 5
Motivation:
Continuous monitoring of the network activity can help identify sudden spikes or drops in data flow. This use case demonstrates how to configure ‘nettop’ to update the information every five seconds, providing a more granular view of network changes over time.
Explanation:
- ‘-d’ argument enables the display to be updated as network data changes.
- ‘-s’ argument specifies the delay between updates in seconds; in this example, the display refreshes every five seconds.
Example output:
Interface State Bytes In(Bytes/s) Bytes Out(Bytes/s)
lo0 UP 0(0) 0(0)
ipsec0 DOWN 0(0) 0(0)
...
Use case 7: While running nettop, list interactive commands
Code:
h
Motivation:
While running ‘nettop’, users might want to access a list of interactive commands available to control and customize the output. This command can be useful when users need assistance with understanding or modifying the behavior of ‘nettop’ on the fly.
Explanation:
- Typing ‘h’ while ‘nettop’ is running will display a list of interactive commands and their descriptions.
Example output:
Interactive commands:
h - print this text
t - show/hide a table
N - sort table on column N
q - quit (interrupt)
Use case 8: Display help
Code:
nettop -h
Motivation:
When starting to use a new command, having access to detailed documentation can be essential. With the ‘-h’ argument, users can quickly access the help menu for ‘nettop’, which provides an overview of the command’s functionality and the available options.
Explanation:
- ‘-h’ argument displays a help menu for the ‘nettop’ command.
Example output:
Usage: nettop [-f filter] [proto [my_ip] [bpf]]
...
Conclusion:
This article has provided a comprehensive overview of various use cases of the ‘nettop’ command, along with explanations, motivations, and example outputs. These examples highlight the versatility of ‘nettop’ in monitoring network activity, displaying per-process summaries, and customizing the output to meet specific needs. By exploring the different arguments and options available in ‘nettop’, users can gain valuable insights into their network infrastructure and troubleshoot network-related issues effectively.